I'm using Forms Authentication. Is there a way to determine whether a page (or request) required authentication or not? My site has logged-in areas, and logged-out areas (all set in web.config under authorization sections), and I'd like a good way to know if asp.net required authentication to be set or not.
I'm using ASP.Net 2.0
I installed my asp.net application on server (Windows Server 2003, Standard Edition, SP2)
I already set:
1. In ASP.NET Configuration Setting: I set Authentication to None.
2. Check Enable anonymmous access.
3. Uncheck Integrated Windows Authentication.
But the brower always show Authentication Required Dialog.
If I ignore this.
It show this error:
Access is denied.
Description:
An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
My website getting a pop up authentication requiring form (user name and password) every time when anyone hit the website.
. Have tried various browsers, Every where i'm facing the same problem. No plugins installed
Im working on a website where users can log into a members area, inside this area they will be able to communicate with other members.
In order to keep an accurate list of who is online and who is not, I would need to update a IsOnline field in my database when they log on and when they exit my website..
The login part is easy, but how can I determine if someone is leaving my website to go to another, or closing the browser.
The error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
what I'm doing:
I need to enable forms authentication for only one of my pages.
so I made an application under my project using IIS and enabled its forms Authentication. The application contains the page that requires user to log in and a web.config. Below is the code of web.config under the application.
[Code]....
I can't move these codes to the main web.config of the project since in that case all the pages will require log-in.
I have used form authentication, when i am trying to open the forgot passord page by click on link button that is on same login page. it needs authentication without authentication, i am not able to access the forgotpage.aspx
[code]....
While run time if we click submit... login form will redirect to next page in Asp.net .. then if we press back button in the toolbar it will go back to previous page... How to check authentication for the page to disable previous page ....
View 1 Replieswe would like to redirect the user to a given page if the authentication to our SharePoint site fails (i.e. the standard windows login prompt pops up three times - we are using windows authentication). No matter what option we try it always ends up bringing the user back to a blank page.
We have tried writing a HttpModule (and catch the if Response.StatusCode = 401), which doesn't seem to fire any events if the user is not authenticated. We have tried writing a HttpHandler, but of course we can redirect the user if there is an error code but can't continue onto the desired site if not. We have tried doing the following in the web.config:
<customErrors mode="Off">
<error statusCode="401" redirect="http://social.msdn.microsoft.com"/>
</customErrors>
Which doesn't work, again taking us to a blank page.
I am facing one problem while putting below code on master page load event.
if (!User.Identity.IsAuthenticated)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
I have a web application.
I user Forms authentication and set Login.aspx as the Login url.
So when I try to enter any other page in my address bar Iam redirected to Login page as per its setting.
But now I need to give a link called Register in Login.aspx page.
Clicking on Register link should take me to Register.aspx page.
But as per authentication settings Iam redirected to Login page.
So is there a way to omit or escape the register.aspx page from this authentication setting.
I am moving from one laptop (WinXP Pro) to another (Win7 Pro). I have re-installed VS 2008 (which wasn't straightforward BTW).
On copying one of my web projects, now when I choose "view in browser" to look at my handiwork, Firefox now requires authentication. I use my windows username/password.
But IE8 doesn't require authentication.
I don't need authentication if I run VS 2008 as Administrator.
It's not a show-stopper, but it could prove irritating.
I am in the process of designing application in case user authentication if failed i need to redirect to default page (NT Authentication). Is there any way you can redirect the user on IIS if the user is fail go through the NT authenticaiton at IIS level.Options 1 : Always land the user to defalut page and validate there and redirect to site based on the access give the directory level access. I am looking if there any options to let the user to default page in case user access is denied.
View 4 RepliesI have a profile page that sends my users, once they register to a profile page which basically allows them the edit their profile. I use
<
a
href="@Href("~/Account/Profile",
WebSecurity.CurrentUserId)">Edit
your profile</a>
But what i noticed was: When the user goes to the profile page in the url is their account ID. if i change that id for example [URL] to [URL] then i can edit the other users profiles. Im using WebSecurity.RequireAuthenticatedUser(); But im guessing i need to use RequireUser(String)?? To be honest im just lost maybe i need a ( if xxx is IsCurrentUser )?
Recently I start having customers that are not able to login into my site. I have used the same code for months and I can login and authenticate fine it is happening on some customers not all. That is why is so hard to recreate the problem.
What is happening the customer tries to login and get redirected back to loging page. In config file I have this
[Code]....
I can not think of some else, maybe cookies not able on client, or any other security issue, IE version.
I am using VWD 2010 on a windows 7 64 bit install. Using forms authentication I am not being redirected to the login page when not authenticated yet. Even if I start a new web site from template, clear out all cookies, I still go directly to default.aspx. The LoginView control displays the anonymous template verifing I am not authenticated.
configuration why redirection doesn't occur? Remember I am trying this with New Web site template with no mods so I don't think config issue is within application code.
i doing on a 3 tier project a that required a login page, Im not sure how the flow go for the 3 tier...This is my BLL
[Code]....
This is my DAL
[Code]....
And lastly here is the aspx page
[Code]....
When i try to insert my NRIC and password, it's like not passing through the statement, it just say login sucessfully eventhough i put the wrong NRIC/Password/Not valid..
The remote server returned an error: (407) Proxy Authentication Required.I get it when I use the GetReponse() method in WebRequest Dim request As WebRequest = WebRequest.Create(getNextURL()) Dim httpResponse As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
View 1 RepliesSince last week I've had a really odd issue with PageMethods and the back button which i've never seen before.
Essentially, I have a 'home page' which on document.ready (using jQuery), loads some data through PageMethods, and then renders a list - from which you can click through to a details page about the item. In general use, it works fine. However, using the back button after clicking through (ie: going back to the home page), it throws a PageMethods error. The browser's 'authentication required' prompt appears, and if you click cancel, the server returns a 401. The error returned by PageMethods on the client side is 'authentication failed'.
Just FYI, the application is using ASP.NET forms authentication. The weird thing is, this happens as soon as you click the link and click back. It's not like the authentication cookie has expired or anything, and if you click cancel when the prompt appears and refresh the page, it works fine. I just can't work out what is going on.
I've tried disabling caching on the page [as I thought it was something to down with some browsers' caches of the DOM), but the same thing happens.
One workaround i've had is to redirect the page to itself if the PageMethods error is 'authentication failed', which does work - but only when you cancel the authentication prompt. Obviously the prompt appears, which is not ideal.
I don't understand it, and the user is clearly authenticated. Does anyone have any idea which might be happening?
It's happening in Chrome, Firefox, and IE.
On the first hit, and only the first hit, to my page having [ALLOW users="*"] in the web.config, the user is redirected to the LoginUrl, but on all subsequent visits to the page, the user IS allowed access. The user shoud ALWAYS be allowed access to this page. I suspect it is a configuration problem, so here are snippets of my web.config...
[code]....
i want a simpe login systemm using webconfig file and one login.aspx page.
View 3 Replieswe have an app built in Java and they use a button onclick of it will re-direct to IIS (to our screen)...what kind of authentication should I need to make sure whether user is coming from that Java screen...
View 1 RepliesI have a logon/register control that is on several pages. Users are logged on with code: - FormsAuthentication.SetAuthCookie(Userid, False) Response.Redirect(Request.Url.AbsoluteUri) ' Round trip is necessary to complete logon
All this was working OK, except that there was a problem with Internet Explorer users: if their browser had the default privacy setting the authorization cookie was rejected. There was no message, but they were not logged on. See [URL] To try to solve this problem I changed to cookieless authentication, but now the logon control doesn't work. The problem is that after cookieless authentication the URL changes from
[URL]
However Request.Url.AbsoluteUri remains http://localhost:3641/TestGDB/login_pages/home2.aspx even after the logon, and so with cookieless authentication the user is not logged on as there is no authentication ticket in the redirect URL.
The problem is "solved" by changing the Redirect statement to Response.Redirect("~/login_pages/home2.aspx") which works perfectly for this particular page, but is obviously wrong when the control is on other pages.
How do I write "Response.Redirect(current page)"?
I have a web page that refreshes every one minute and the solution times out every 20 minutes, would the one minute refresh be considered as user activity and therefore doesn't time out every 20 minutes? And if not, how do I convince the page that the one minute refresh is like a user activity and it shouldn't time out?Here is the javascript to refresh every one minute:
[Code]....
I have created a web application which has two section user and admin. Admin files are within
~/admin folder and user files are in ~/User folder. Admin and user has two different login page within respective directory.
Now I want two apply form authentication for admin and user section. Is it possible to apply form authentication for two different section in a web application?
Since last week I've had a really odd issue with PageMethods and the back button which i've never seen before. Essentially, I have a 'home page' which on document.ready (using Query), loads some data through PageMethods, and then renders a list - from which you can click through to a details page about the item. In general use, it works fine. However, using the back button after clicking through (ie: going back to the home page), it throws a PageMethods error. The browser's 'authentication required' prompt appears, and if you click cancel, the server returns a 404. The error returned by PageMethods on the client side is 'authentication failed'.
Just FYI, the application is using ASP.NET forms authentication. The weird thing is, this happens as soon as you click the link and click back. It's not like the authentication cookie has expired or anything, and if you click cancel when the prompt appears and refresh the page, it works fine. I just can't work out what is going on. I've tried disabling caching on the page [as I thought it was something to down with some browsers' caches of the DOM), but the same thing happens. One workaround i've had is to redirect the page to itself if the PageMethods error is 'authentication failed', which does work - but only when you cancel the authentication prompt. Obviously the prompt appears, which is not ideal. I don't understand it, and the user is clearly authenticated. Does anyone have any idea which might be happening? It's happening in Chrome, Firefox, and IE.